How to use WhoisXML API in Combination 
with Maltego for Advanced Mapping and 
Reconnaissance of Botnet Command and 
Control Infrastructure Using Hostinger’s 
Legitimate Infrastructure 


Executive Summary 


With more cybercriminals popping up online for the purpose of causing havoc and widespread 
damage it shouldn’t be surprising that both legitimate and purely malicious infrastructure is active 
actively abused for the purpose of hosting malicious software spam and phishing emails including to 
actually use it as a botnet and malicious software C&C (Command and Control) channel potentially 
undermining modern IP and domain reputation techniques and current and ongoing threat intelligence 
efforts potentially serving the needs of the bad guys who often rely on legitimate hosting provider's 
infrastructure for their malicious and fraudulent needs which also includes the actual hosting of 
malicious software and the actual C&C (Command and Control) hosting infrastructure. 


We've recently detected and profiled a currently active botnet C&C infrastructure that’s exclusively 
using Hostinger’s legitimate infrastructure for actual C&C communication channel and decided to 
provide an in-depth analysis and report on the topic to further emphasize how the bad guys are 
actually using legitimate infrastructure for the purpose of botnet C&C communication channel with the 
idea to provide timely and relevant including actionable threat intelligence on the infrastructure. 


The campaign relies on Hostinger’s legitimate infrastructure for the purpose of botnet C&C 
communication where we’ve also managed to identify the actual domains and IPs in questions 
including the actual MD5s that are currently in circulation and we’ve decided to share the results of our 
findings in an in-depth and comprehensive report on the topic. 


01. Introduction to WHOIS XML API 


WhoisXML API is one of the Web’s and the security industry’s primary destinations for threat 
intelligence and cybercrime research, including OSINT types of domain, IP, and current and historical 
WHOIS data records with billions of domain, IP, and WHOIS records within WhoisXML API’s database. 
Novice and experienced cybercrime researchers and threat intelligence analysts, including OSINT 
experts and analysts, should consider adopting WhoisXML API’s products in their arsenal of OSINT 
tools and public database repositories and databases, largely considering the tools offered as their 
primary information sources and threat intelligence gathering solutions and publicly accessible 
databases for using them in their current and ongoing OSINT and cybercrime analyses including 
threat intelligence type of investigations. 


02. How to get a proper account 


Cybercrime researchers and threat intelligence analysts interested in obtaining access to one of the 
Web’s and the industry’s most comprehensive and in-depth data set of real-time and historical domain 
IP and WHOIS information should grab an account from the following URL - 
https://main.whoisxmlapi.com/signup for the purpose of beginning their OSINT and cybercrime 
research including their threat hunting and threat intelligence gathering process. 


Product Tier 1 Tier 2 Tier 3 Tier 4 Tier 5 Tier 6 Units 
WHOIS and Bulk WHOIS 100,000 500,000 1,000,000 2,000,000 5,000,000 10,000,000 Monthly queries 
Domain Availability 100,000 500,000 1,000,000 2,000,000 5,000,000 10,000,000 Monthly queries 
IP Geolocation 50,000 100,000 200,000 500,000 1,000,000 2,000,000 Monthly queries 
IP Netblocks 50,000 100,000 200,000 500,000 1,000,000 2,000,000 Monthly queries 
DNS Lookup 100,000 200,000 500,000 1,000,000 2,000,000 4,000,000 Monthly queries 
Email Verification 50,000 100,000 200,000 500,000 1,000,000 2,000,000 Monthly queries 
Domain Reputation 50,000 100,000 200,000 500,000 1,000,000 2,000,000 Monthly queries 
Website Categorization 50,000 100,000 200,000 500,000 1,000,000 2,000,000 Monthly queries 
bsite Contacts 50,000 100,000 200,000 500,000 1,000,000 2,000,000 Monthly queries 


Sample WhoisXML API Pricing Plans Web Site 
03. How to install Maltego 


For the purpose of this case study we’ll use the popular OSINT gathering and enrichment tool Maltego, 
which you can grab from the following URL - https://www.maltego.com/downloads/ on your way to 
begin using and utilizing WhoisXML API’s advanced domain, IP, and historical and current WHOIS 
information and one of the Web’s and the industry’s most comprehensive and in-depth database. 


HH Maltego for Windows 


SELECT A FILE TYPE 


.exe + Java (x64) v 


https://maltego-downloads.s3.... ' 


You can view our change loghere > 


Java 11 64 bit is recommended. 


Sample Maltego Download Web Site 
04. How to use the WHOIS XML API Maltego Integration 


Before using Maltego users should follow the instructions and grab a proper WhoisXML API account 
which they can later on use for the actual research and OSINT research and analysis, including the 
actual enrichment process. 
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To Domains and IP Addresses (Historical Reverse WHOIS Search) [WhoisXML] 


To Domains and IP Addresses (Reverse WHOIS Search) [WhoisXML] 
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To Historical WHOIS Records [WhoisXML] 


To WHOIS Records [WhoisXML] 
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Sample Maltego GUI Interface relying on WHOIS XML API’s for OSINT research and analysis and 
actual network and domain reconnaissance and footprint including actual enrichment 


Users should then proceed with the actual OSINT research and enrichment process by importing the 
domains and actual IPs for their research in questions directly into Maltego by using the import feature 
or by manually adding them for the purpose of actually beginning the actual OSINT enrichment and 
research process. 


05. Profiling a Botnet Command and Control Infrastructure Using Hostinger’s Legitimate 
Infrastructure - A Case Study 


In this analysis and research we’ve decided to share and profile the activities of a currently active 
botnet C&C communication network which is exclusively using Hostinger’s legitimate infrastructure for 
the purpose of C&C communication potentially undermining modern IP and domain reputation efforts 
potentially serving the needs of the bad guys who are currently busy launching malicious campaigns 
and using Hostinger’s infrastructure as a C&C communication channel. 
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Sample Maltego Graph Analysis of a currently active Botnet C&C infrastructure using Hostinger’s 
legitimate infrastructure 
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Sample Maltego Graph Analysis of a currently active Botnet C&C infrastructure using Hostinger’s 


legitimate infrastructure 


06. Basic OSINT Enrichment Process 


In this analysis we’ve decided to share the actual findings based on our research which include the 
actual malicious IPs and the actual C&C communication channel domains including the actual MD5s 
known to have participated in the campaign with the idea to assist legitimate cybercrime researchers 
and OSINT analysts on their way to properly profile and participate in additional OSINT enrichment 


and processing efforts. 


Sample Hostinger’s IPs known to have participated in the campaign and to be currently 
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participating in a rogue Botnet C&C hosting infrastructure: 


145.14.144.95 
145.14.145.1 
145.14.145.120 
145.14.144.176 
145.14.144.203 
145.14.144.32 
145.14.145.179 
145.14.145.42 
145.14.144.124 
145.14.145.115 
145.14.144.253 
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145.14.144.201 
145.14.145.35 
145.14.144.102 
145.14.145.219 
145.14.144.130 
145.14.145.24 
145.14.144.49 
145.14.144.129 
145.14.144.90 
145.14.145.158 
145.14.144.39 
145.14.145.222 
145.14.144.156 
145.14.144.95 
145.14.145.38 
145.14.144.24 
145.14.145.231 
145.14.145.74 
145.14.145.74 
145.14.144.91 
145.14.145.33 
145.14.145.62 
145.14.144.122 
145.14.144.69 
145.14.144.69 
145.14.145.40 
145.14.145.64 
145.14.145.190 
145.14.144.230 
145.14.145.94 
145.14.144.24 
145.14.144.2 
145.14.144.154 
145.14.145.89 
145.14.144.184 
145.14.144.179 
145.14.144.219 
145.14.145.67 
145.14.144.235 
145.14.145.70 
145.14.144.7 
145.14.145.134 
145.14.145.134 
145.14.144.210 


145.14.145.38 
145.14.144.12 
145.14.145.107 
145.14.145.233 
145.14.144.69 
145.14.144.69 
145.14.144.156 
145.14.144.69 
145.14.144.116 
145.14.144.19 
145.14.144.243 
145.14.145.215 
145.14.145.245 
145.14.145.36 
145.14.144.124 
145.14.145.152 
145.14.145.112 
145.14.144.88 
145.14.145.228 
145.14.145.200 
145.14.144.97 
145.14.145.158 
145.14.144.140 
145.14.145.208 
145.14.145.94 
145.14.145.213 
145.14.144.102 
145.14.145.210 
145.14.145.64 
145.14.144.29 
145.14.144.129 
145.14.144.114 
145.14.144.124 
145.14.144.102 
145.14.144.115 
145.14.144.230 
145.14.144.230 
145.14.144.231 
145.14.145.152 
145.14.145.200 
145.14.144.8 
145.14.144.240 
145.14.145.187 
145.14.144.21 


145.14.145.168 
145.14.144.197 
145.14.145.143 
145.14.145.86 
145.14.145.31 
145.14.144.245 
145.14.145.66 
145.14.144.89 
145.14.145.65 
145.14.144.18 
145.14.144.50 
145.14.145.36 
145.14.145.36 
145.14.144.2 
145.14.145.232 
145.14.144.200 
145.14.144.139 
145.14.144.75 
145.14.145.143 
145.14.145.6 


Sample Hostinger’s Free Service Domains Known to have participated in the Botnet C&C 
hosting infrastructure: 


azorult55.000webhostapp.com 
furrer.000webhostapp.com 
luminuis.OOOwebhostapp.com 


luminatebase.000webhostapp.com 
doohs11111.000webhostapp.com 
name242215315.000webhostapp.com 
sakall.00Owebhostapp.com 
perdej.00Owebhostapp.com 
hooktronic1.QOOwebhostapp.com 
updnaral.QOOwebhostapp.com 
naralupd.0OOOwebhostapp.com 
gogfree1.000webhostapp.com 
theblackfun.000webhostapp.com 
hyker.000webhostapp.com 
rulletedonut.000webhostapp.com 
benzemahaha.000webhostapp.com 
karamlol.00Owebhostapp.com 
samperbbcash.000webhostapp.com 
karamelka1.OOOwebhostapp.com 
hvhlegendpro.00O0webhostapp.com 
deathsun1337.000webhostapp.com 
hvhboss.000webhostapp.com 
elien123.000webhostapp.com 
danladen4.000webhostapp.com 
nazarvitalik.OQ00webhostapp.com 
dyslexic-picture.000webhostapp.com 
pickel666.000webhostapp.com 
hvhcsgo.000webhostapp.com 
by1337.000webhostapp.com 
qukz.000webhostapp.com 
wannabyby.000webhostapp.com 
scogcs.000webhostapp.com 
tragee.0O0Owebhostapp.com 
online3130.000webhostapp.com 
gravyshops.000webhostapp.com 
romasshved41.000webhostapp.com 
jehard.00Owebhostapp.com 
crackhahanono.000webhostapp.com 
topsaller31213.000webhostapp.com 
fakesitexbait.00Owebhostapp.com 
doohs1111.000webhostapp.com 
get-free-btc.000webhostapp.com 
batka228.000webhostapp.com 
gtxlpfirefly.O00webhostapp.com 
tokorankoscr.00Owebhostapp.com 
gravyshop228.000webhostapp.com 
spede.000webhostapp.com 


gamesenser.000webhostapp.com 
babkastilak.Q0Owebhostapp.com 
opera3773.000webhostapp.com 
deviceful-errors.000Owebhostapp.com 
jddjj4j4j.000webhostapp.com 
gravyshop111.000webhostapp.com 
sashavpisdu.000webhostapp.com 
whyuneedcrackfakesitehaha.OOOwebhostapp.com 
vzlomvimeworldv3.000webhostapp.com 
doohs.000webhostapp.com 
grabberweter.000webhostapp.com 
m11necraft.000webhostapp.com 
jiemoh13.000webhostapp.com 
st11llers.000webhostapp.com 
superoleggamer.000webhostapp.com 
stalkershops111.000webhostapp.com 
8989898989 0O0O0webhostapp.com 
gyjn.oQ0O0webhostapp.com 
pizdaruly.Q00webhostapp.com 
planktondavid.0OOOwebhostapp.com 
sosatsuki.000webhostapp.com 
basest-rooms.000webhostapp.com 
starf1.000webhostapp.com 
ha4cker.000webhostapp.com 
tribunitial-impulse.OQ0O0Owebhostapp.com 
pizzamazz.000webhostapp.com 
baxinyo.000webhostapp.com 

wedro228 .000webhostapp.com 
jayrolzcashout.000webhostapp.com 
josephgrief228.000webhostapp.com 
homiletic-submarine.OOOwebhostapp.com 
sharjoff.000webhostapp.com 
stalker098.000webhostapp.com 
jlckey.000webhostapp.com 
narkoman1337.000webhostapp.com 
bbmalayalam.00O0webhostapp.com 
paufx.000webhostapp.com 
nvutionefasfsa.00O0webhostapp.com 
gamervordl.00Owebhostapp.com 
swandersd.00Q0webhostapp.com 
davidosik228.000webhostapp.com 
sber-host.000webhostapp.com 
patrilinear-mixture.OOOwebhostapp.com 
deciduate-pot.000webhostapp.com 


ziggeroff.000webhostapp.com 
geggegegegegeg.000webhostapp.com 
appeq.000webhostapp.com 
lasinka.O0Owebhostapp.com 
roling.000Owebhostapp.com 
absorbent-spokes.000webhostapp.com 
polarispOlaris.000webhostapp.com 
pate1k.000webhostapp.com 
fesfesfsefes.000webhostapp.com 
azorult2410.000webhostapp.com 
discaredforftp.000webhostapp.com 
opira.000webhostapp.com 
yaroslavdimitriev.000webhostapp.com 
pssa.000webhostapp.com 
funpay1.000webhostapp.com 
josephgrief.000webhostapp.com 
weilbrain01.000webhostapp.com 
logiakk1i.000webhostapp.com 
nikitaakimenkoklass.000webhostapp.com 
stalkeronline1.000webhostapp.com 
uraganhokino222.000webhostapp.com 
patayka.00Owebhostapp.com 
mixaton.00Owebhostapp.com 
xinchaocacchau.000webhostapp.com 
filess2.000webhostapp.com 
ww6.000webhostapp.com 
auxinity.000webhostapp.com 
sinkable-ingredient.000webhostapp.com 


IP Country City Region ISP Org 
145.14.144.95 | United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.145.1 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.145.120 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.144.176 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.144.203 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.144.32 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.145.179 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.145.42 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.144.124 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.145.115 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
145.14.144.253 United Charlotte North Hostinger International Hostinger International 
States Carolina Limited Ltd. 
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Sample MD5s known to have participated in the campaign and are currently communicating 
with Hostinger’s Legitimate Infrastructure for botnet C&C purposes: 


88849b8f6a9c9760df5aaa825c3b31a1a1 Obddb8698318e02c5f5b 1 80fdeebOf 
ebf3dc1aa5c27baa 10c6c85c0d9e8 2d00f20ff24 1 53fe7481 2fdbed68f55d20e 
43ad2ae619637a36765934896961 2a7 7f49e7e57e23ab1455a92407 28af94ef8 
13e451081374d403dc828c5b 1 56aaebbd987f52b937 cO964bdbd84c4aff9c1a2 
f2efa2ecf699b83e2ca0bdbf52149d31cdf729a4 1b2d59e01 7f20acb21956784 
9d0a5ec50621224534f3e2320172b20c3aebae320aa6de39b33fd07f649ee5e9 
63c8752865f254e26f1 5d86ddb967d7c43270910a98fea33179741f2a7598dc8 
be9d16570ebc968cf4e043496 1 0c9ab4acbeba6e334452f7a9697cb6 1 b83bf58 
1045241 f26746ac094c5661e1c85e9a34157bbb8bd41 2537 fc3f310b6d97dda9 
80359793b141f8ee152000532d1 eb8 141 cce06dc947f430d7 bfefec975ce5821 
288ef1 2ede066b889f87 d69aef23467 1927 1261 3a5f9ff7cd64d2ad7abd46bd8 
a7a1f42353d5e0b8beecef99aeb08f9c0c93c2ca9985ffi26a24a1e3341082a79 
4ae5e427577b2b915169b1ce72036 14b8ee0443993ca5ccbefd50c9eedfc870d 
d7fce214fa966de20b14f8867a25cf29f87 1 46cc46399be1 4c398d0cce2f6451 
3ab526ed35e1423b7edfec603010164850fbf60df62752f5a30ca9409af5d6a0 
271973ff6a3278c4a1 2ac265c2abbf369f67 bb5c39f3574fe68dbc7f922e1812 


9Yad06ae676239a1d0a30f1b22fdeb2c12c88836b9acd7e0316477e914fe9cdb5 
ef1e8a81a75b40320a0cefaaf1 e4978989b2b0f9c21c80a24e6fba100e303c71 
82fbbec39e5294475094c4235da66da314b954a1 5d633daaed2a05e3f8dc4531 
c1a6387b011461afeca78e254875b5dcae22a3eff6f82cfaf62f7 1695abe3ba1 
26ae23e34739fa9747b1ebca742c7faad407b328afe9ee495e31531ef74aafdf 
c1f8ab7a29428c7670c9a8a36c23cf55fbcfa3baa3c0ca458c72c13a59bae299 
b978ed7c6e16b7d37957546 7ea938f89f3f32ec0c42e59593494f73341dc81fe 
9c777d5e8988bce8a7/3452def7/ca806eaed32eb05b37 2e906cc0922fb0ca95ed 
afo227feb86b65c2b0 1cb68847259d85b97 10980ed34dc332b9a4948a99d0b68 
acc2d8846d6b6bdc4face6843522d1279c791c73a7b8637f4cf25afe35d469bd 
7328970f882660f95abaca4e44b58c3dc0e0a22d7984795791477617570743b7 
4dd46cc17 11ec4dbc2038bff8be505baaa08322ffded20f7decaa60eb55191f2 
a46ea9d06a390cb1ed765d22e1 2f5dfa58ea68a967 824946751 cd46eae441 ef 
98cc3044493f2876ecc774b209b31869d 1 75694f1daa6b2c5383114a0382eb83 
0b97905330043bb4064006897f0db31 812add81 7ee0fb69596953ea525cd6460 
0b2b05216a4449c6204c84a2b0cf43c3a8 188b53e29be1 f83b858bd 1b7f8c417 
9a87209923f4cfe81feedbbf 1 3e8dfcab78732258b0e8a87 d2a43d202d33a062 
46639679ec57bb38dfba3cb459dee26da862d551 5e6e1 7da9c0c4c87c073f2de 
8741527fd2974bdc86c087 175b07 201 cce897518dc07d7dbfa2 1 2ff5dedb8c33 
2de83614000e84f0891 dd7955f1e346f3992ccac9e3d0 1d7bc64b58df3e45003 
aebf4efec27 1b2a97656c8c413d50e3336a2aa8id4d3ef461 0d5ba440691 9fet 
a0a7dec94394bb3dfa0a4660c2ce8523b0a01 e004 a9a8ddcf0ff352cc2854960 
bd31a197cb8765b5c5 10807e63edb60956d9c0ea9 1228b22 1ff4d7e6ea79495d 
e2f3b4feef0f02ce46e2d6801 5f146fe9924c926 11 abf486d32fa140c1d2ce7c 
493438299ec5967c39e34 1242ead849bc20221 6bd582a589836108d5bf4cifda 
b73019268d92907ce1ec54cdbe2c67fdf4d04 18360bf5dfcbce64ec3a9777751 
15f3b8d5948dca9532a8578147935f812d684cbcfb3cc6ad2bd861 f048c2b5f1 
dd448148bec5fcee7d6dec7 1b10b320704b96b0eddc4c0b3f8294dc351c0d726 
3a317c7fe889e73059589 136334a063a5cab57f57bf6d31192455f74d 1 6f3b46 
a3d4071f5c2aded895cf29a4efcfa3fa1 34d 1b992b5b884ab90 1 0f9af4d56030 
604dc7e88c8de2aa8c9e3b7917be25b42fe4 1b9702fd1a2f35b1c09372d5bd35 
5ca3f43e97cfbcb135804e430fc88f7d26287d924514b34b8ec11159e1c36fcf 
dd860b1b9612e733d8f0985148b1f47cd9361243ccb729c3b6c3c2280461e157 
9896b67d6f15543de5b6fb8 76688fc3a4d1c77ad7ed822c8a67e2572dccad5f3 
ec693ab83d9b4f8cbf2d3321124ad 1 1aad3f24ea62d58bcb53965d8cafb07 ecf 
f6a9251 a6c5ef576e4a6a50257e97 1dc3096c2e6e9605b81 5e562e0350be9c2e 
4dd771413bedcc55cd73cc8f3c7 5fidd4b00cc84853bce2b62fc48dc178a087e 
ff6e3f1adb64bd83cb7c39e6f6a8d97 1 Obc661cab92a5b2a8f605d36c84e1 7ae 
8fa9eb00743b99f094b6349a27 deb66 1 7094c01f0410361ef7eee04 1f8de66a 
98d9a977a51bf3d678665c324ff367 898cdd2aeeb/6fb56 1f20568 144325e6e7 
643f6a92da2744df02d9a91 8c630736c9C95c2428b8b5c0829229e9 2eade4fcdd 
170c7ca8940d943aba7733850dc82 1 666faeee288bcid9f488867 9ecad5eee8a3 
9e804f7c1a2af557a676b0a6c2f16896795db09b374a8de7 2ea6e9b05956f77f 
3f2Fff9109a955147c2f8c004eaf149e02b877e07 73d3548e67 15f6d1e6e89518 


3e08d15b089e8204f02f74a1c37705f7e741fafd2ca39a637499976ce401b89a 
a5883aea6aab88764a92e1 c55b536c9689a57a5f643533724429b4d7dbe883b2 
ad3dd8f7 1b11cc3b56b7282580359d06b21 e40a6f851c78957e0e9d084f4d6e0 
8e9dff519eec6d5aee5f4f02a45b7210895038a089a3dcb2de0486ac32a8f585 
ff4fd920ef0600644 157 1ac2cf9f8234ed16707e4b5505d66c343fadbcb244f6 
298b3752e285ca528d21 b9a4bcaced61a88cd61ec7e9fe7a9cd8219c9fdb2ede 
2aef15daa4 151 8f80423a5ddee02f67a759887 651 0e927bbed56ad3f01 ff22840 
06922c21424fd65bfa11e3478911450735e3fdae6e1 1f28ed3e5af635b9cb789 
9b36becbh449b8d0c5cd8 1644f07df1d75a66bb6fceb 1 982825cad985c47ba222 
b700e835817b1561 fbo7bb5159f2e6 1867305caf15a75e5dff84cbaa6fe20f8be 
d91b20cdc2e25badf34d528426b7c9b7993974b41 7935e0272c48d310011fb1c 
474005c50d35b50556f7b7a8deace4dbec86cec0a5741a72c510aa34ec5af532 
6030b160dc7ae7d603ad792b59b8f2d4b3eaefd915130a3231d120d1052e4457 
c6515792b03d478cd3e62ab656f282c58602d945839f74c633d024703d4c17bd2 
9420 aff489e9ad332b87b2a2b660fe88d82a0fca732ee1 Ofac213387d066de03 
e59d3b262a84746e2f59f202e83413705e54c58c5e54f9 1 5c7c1 9e8866F8d6bc 
b641ee5295294f1b7b1385b4eb625b255930c8b6dbf80f65f5d279f7b78322db 
8b94413c149f5ab2f8b5bf7bd523ce0136907850e12846a55b6159d29b7c9fe7 
aa1e95fd2ca3373d46b0beb562553acd32cdfa1 6Gaddd7 3bcc2e3df7439aed503 
e€865410e38a2cd2fbcaf9d51db1686c0d2b315337d01696ff03a4e 103460930e 
047915ca9ecfcd899c48d06c7ab21 7c1d6fbca935b266d62bcd46a6fb3f11ce3 


07. Conclusion 


We expect to continue observing an increase in legitimate infrastructure abuse courtesy of the bad 
guys and we'll continue monitoring these campaigns and continue publishing our findings in a series of 


white papers and reports including actual case studies. 


